SOLVED: OpenVPN works but no access to lan device

Discussion in 'Tomato Firmware' started by GLuDeRo, Sep 15, 2016.

  1. GLuDeRo

    GLuDeRo Serious Server Member

    Hello world

    Got another strange behavior from my trusty tomato router.

    I have correctly configured a Site-to-Site TAP (actually 1 TAP OpenVPN server and 2 clients). The netmask for these is 192.168.124.0/22. Everything is working great here.

    Now since I have to connect some iOS devices, I also needed a TUN server (so 2 OpenVPN servers running on one tomato router, 1 TAP and 1 TUN). Here are some screenshots:

    [​IMG]
    [​IMG]

    Clients do connect via TUN, but they do not have access to Device LAN (to any subnet to be clear, even with the TAP server not running): they can only ping the router IP address, but nothing else. I tried selecting and deselecting the 'push LAN to client' button, adding and removing options for single clients, specifying and not specifying the following:

    Code:
    push "route 192.168.124.0 255.255.252.0"
    But I keep having the same issue! BTW if I remove the "push LAN to clients", I can't even connect to my OpenVPN server, but I suppose this is because the router is not the default gw to the outside world (router defaults all the traffic to another gw). FWIW I have no route directive at all on the client side.

    Anyway with the setup above, the routing table on my client shows:

    Code:
    192.168.124.0/22 10.10.125.5
    so it appears definitely correct to me. Any hint where I should look?

    Thanks in advance world!
     


  2. GLuDeRo

    GLuDeRo Serious Server Member

    Sorted out: even if you select AUTOMATIC Firewall setup, you need to NAT the tun interface, so put this in the FIREWALL SCRIPT:

    Code:
    iptables -t nat -I POSTROUTING -s 10.10.125.0/24 -o br0 -j SNAT --to $(nvram get lan_ipaddr)
    
    Now everything works perfectly!
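
A likely reason the SNAT rule above helps, shown as an added example that is not part of the original posts: it models a LAN host's return-path decision with longest-prefix matching. It assumes LAN hosts use the other gateway as their default route; the addresses 192.168.124.1, 192.168.124.2 and 10.10.125.6 are constructed, and only the two subnets come from the thread.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread)
ROUTER_LAN_IP = "192.168.124.2"  # OpenVPN router; stands in for $(nvram get lan_ipaddr)
OTHER_GW = "192.168.124.1"       # the LAN's actual default gateway
# Subnets below are the ones quoted in the thread
TUN_NET = ipaddress.ip_network("10.10.125.0/24")
LAN_HOST_ROUTES = [
    ("192.168.124.0/22", "on-link"),  # LAN is directly connected
    ("0.0.0.0/0", OTHER_GW),          # everything else goes to the other gateway
]


def next_hop(routes, dst):
    """Longest-prefix match: return the next hop a host would pick for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def snat(src, enabled):
    """Model of the POSTROUTING rule: tun-subnet sources become the router's LAN IP."""
    if enabled and ipaddress.ip_address(src) in TUN_NET:
        return ROUTER_LAN_IP
    return src


def reply_reaches_router(client_ip, snat_enabled, routes=LAN_HOST_ROUTES):
    """True if a LAN host's reply is delivered back to the OpenVPN router."""
    seen_src = snat(client_ip, snat_enabled)  # source address the LAN host sees
    hop = next_hop(routes, seen_src)          # where the host sends its reply
    # Either the reply is addressed to the router itself on the local segment,
    # or the host has an explicit route for the tunnel subnet via the router.
    return (hop == "on-link" and seen_src == ROUTER_LAN_IP) or hop == ROUTER_LAN_IP


if __name__ == "__main__":
    client = "10.10.125.6"  # constructed tunnel address
    print("no SNAT, no return route:", reply_reaches_router(client, False))
    print("SNAT on the router:      ", reply_reaches_router(client, True))
    with_route = LAN_HOST_ROUTES + [("10.10.125.0/24", ROUTER_LAN_IP)]
    print("return route, no SNAT:   ", reply_reaches_router(client, False, with_route))
```

With SNAT, LAN hosts see every VPN client as the router's LAN address, so their logs and ACLs cannot tell clients apart; a return route for 10.10.125.0/24 via the router on the LAN's default gateway keeps the real tunnel addresses visible.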
     